Category: ansible

Installing VirtualBox Guest Additions on a Debian Bullseye VM with an Ansible playbook

~ Tom's IT Cafe ~ Leave a comment

VirtualBox is a general-purpose full virtualizaton for x86 hardware, targeted at server, desktop and embedded use. The VirtualBox Guest Additions are extra pieces of software that enable better performance and functionality in virtual machines.

We install Guest Additions inside the virtual machine to activate this functionality. In VirtualBox, we can install Guest Additions by selecting Devices > Insert Guest Additions CD Image on the toolbar at the top of our guest OS window. This mounts a virtual disc to the VM. When we do this, our guest OS will respond as if we’ve just inserted a physical disc.

Here’s my example playbook that we can use to install Virtualbox Guest Additions on Debian Bullseye after installing the OS.

Continue reading “Installing VirtualBox Guest Additions on a Debian Bullseye VM with an Ansible playbook”

Configuring the network interface on a Debian Bullseye VM with an Ansible playbook

~ Tom's IT Cafe ~ Leave a comment

Configuring the network interfaces of Linux machines can be tedious and unpredictable if we do it by hand. Let’s automatize the procedure and minimize the possible mistakes with using Ansible! This example uses Debian, but it can be easily ported to any platform.

Here’s my example playbook that can be used to configure network for static IP address on Debian Bullseye after the OS installation.

Continue reading “Configuring the network interface on a Debian Bullseye VM with an Ansible playbook”

Installing Docker Engine on Debian Bullseye as an Ansible playbook

~ Tom's IT Cafe ~ 2 Comments

Docker Engine is an open source containerization technology for building and containerizing our applications. Docker Engine acts as a client-server application with a server with a long-running daemon process dockerd and APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon. Docker Engine is available on a variety of Linux platforms, macOS and Windows 10 through Docker Desktop, and as a static binary installation. Docker Engine is the industry’s de facto container runtime that runs on various Linux (CentOS, Debian, Fedora, Oracle Linux, RHEL, and Ubuntu) and Windows Server operating systems.

Here’s an example playbook that we can use to install Docker Engine on Debian Bullseye after the base OS installation.

Continue reading “Installing Docker Engine on Debian Bullseye as an Ansible playbook”

Using Ansible Galaxy for managing Ansible roles and collections

~ Tom's IT Cafe ~ Leave a comment

Ansible Galaxy is a hub for finding and sharing Ansible content, such as roles and collections. Roles are pre-packaged units of work that can be referenced in Ansible playbooks and immediately put to work. Collections are larger units that can contain multiple roles, modules, plugins, and other Ansible components.

Continue reading “Using Ansible Galaxy for managing Ansible roles and collections”

Handling sensitive data with Ansible Vault: encrypting strings instead of files

~ Tom's IT Cafe ~ 1 Comment

Sometimes we may want to encrypt only a single variable value or a short piece of text that we need to use in our playbook or role. For example, we may want to encrypt a user password or an API key, and not an entire file. Encrypting single variables is also a good idea when we keep our files in Source Control Management like Git.

Ansible Vault has a function to encrypt only parts of files, to encrypt variables instead of the whole file.

Continue reading “Handling sensitive data with Ansible Vault: encrypting strings instead of files”

Configuration file blueprints: Jinja2 templates in the Ansible code

~ Tom's IT Cafe ~ 1 Comment

Templating is a huge work power in Ansible when we want to write reusable code. Just imagine about having to create different playbooks and roles for every host that have a slightly different configuration from each other. That would be nonsense. Luckily we have configuration file templates in Ansible to make our life easier, and Infrastructure as Code less complex. We have already used Jinja2 templates in our playbook when we included variables. Let’s investigate what else can we do!

Continue reading “Configuration file blueprints: Jinja2 templates in the Ansible code”

How to write more advanced Ansible inventory files?

~ Tom's IT Cafe ~ Leave a comment

Previously we took a look at creating a basic plain text file inventory for our Ansible automation project, but we will need more functionality when we start using it seriously. Luckily Ansible provides us some other ways to create groups of hosts and handle them. Let’s investigate what else can we do in an Ansible inventory!

Continue reading “How to write more advanced Ansible inventory files?”

How to implement and use handlers in Ansible code?

~ Tom's IT Cafe ~ Leave a comment

Handlers are Ansible’s solution for running specific operations only when other tasks made changes, like when we update the configuration of a web server, and we want to restart the service. Obviously we do not want to restart the Apache2 on every playbook run, only if there is a change in its configuration. This is why we use handlers.

Continue reading “How to implement and use handlers in Ansible code?”

How to implement Ansible blocks in our code to group and manage tasks together?

~ Tom's IT Cafe ~ Leave a comment

There are some limitations of using YAML instead of a scripting language or a DSL, but the developers of Ansible thought about the issue, and they integrated some cool, more advanced features into the tool. We can use blocks collecting and handling tasks together Let’s investigate this feature a bit more!

Continue reading “How to implement Ansible blocks in our code to group and manage tasks together?”

How to protect sensitive data with encrypted files (or elements) in Ansible – Ansible Vault

~ Tom's IT Cafe ~ Leave a comment

When we automate configurations we cannot avoid providing secrets to Ansible. The last thing we want is our secret data running around in plain text files on our control node. Luckily Ansible has a tool for this.

Ansible Vault is an integrated encryption tool in Ansible to manage sensitive data like passwords, keys and certificates. As with most parts of Ansible, we can start simple, and complexity can come later on.

Continue reading “How to protect sensitive data with encrypted files (or elements) in Ansible – Ansible Vault”

Conditional statements – making decisions in Ansible code

~ Tom's IT Cafe ~ Leave a comment

In a playbook or in a role sometimes we want to run different tasks based on different conditions. In most cases it depends on a fact (detail about the managed host) or some data collected during the playbook run. Ansible conditionals are there to make it possible to run different tasks based on different conditions, or skip executing tasks entirely.

Continue reading “Conditional statements – making decisions in Ansible code”

Loops in the Ansible code – the basics of iteration

~ Tom's IT Cafe ~ Leave a comment

Ansible loops and conditional statements are very cool inventions, but they are a double edged sword as well. The limitless freedom they give us can turn our roles into horrible mess. It is our responsibility to balance on the edge and use just the right amount of them in our code while we keep in mind that YAML is not a programming language.

Continue reading “Loops in the Ansible code – the basics of iteration”

Creating an Ansible role from a playbook: modular, reusable code

~ Tom's IT Cafe ~ 2 Comments

After we ran ad-hoc commands and created a monolith playbook, we will increase our level of automation. We will separate our code much better with introducing modular, reusable file structures called roles. Ansible roles will load variables, handlers and tasks automatically for us based on a defined directory and file structure.

Continue reading “Creating an Ansible role from a playbook: modular, reusable code”